httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Stewart" <>
Subject [users@httpd] Only the first request = 'Invalid direct reference to form login page' but not the rest.
Date Wed, 23 Jul 2008 09:03:31 GMT
 I've set up a pair of Apache Tomcat servers (6.0.16) (using
simpleTcpCluster for session replication) being reverse proxied by an
Apache HTTPD server (2.2.8) all on the same machine.

 I have a java servlet that requires authentication. The servlet when
accessed directly on either one of the Tomcats works fine - normal
operation being...

User goes to servlet URL.
Server redirects to login page.
User sends j_security parameters (Yes, this is FORM authentication).
If authenticates to valid user server redirects to originally requested URL.

 However, when I access the same servlet through the reverse proxy
after restarting the servers (this only happens with the VERY FIRST
request on the servers) I get this...

User goes to servlet URL.
Server redirects to login page.
User sends j_security parameters.
Server reports "Invalid direct reference to form login page".

 This error happens once then all works well even following the exact
same steps from another instance of the same browser (after closing
the browser to clear any session cookies). It happens even if you use
WGET to perform the same operations, so I believe this rules out
browser quirks too. It happens in IE and Firefox - all on only the
first request to the proxy.

 I've also discovered that if I perform the steps described above
direct to either of the Tomcat instances before going through the
proxy then the problem then does not occur at all. Which makes me
think it's a proxy/HTTPD problem.

 I've checked the Apache v2.2.9 changelog and I can't see anything
that may be relevant, if this is a bug. However, if anyone knows
different let me know.

 Any help much appreciated. Let me know if you need more details or if
I should be talking to the tomcat group.

Rob (

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message